This is automated, but there are some semiautomatic steps, most of which can be done with sysmerge(8), which is not in 4.3, but is in 4.4 and above. Follow each release's upgrade guide. Or, conduct a fresh installation, and rebuild your firewall and other services.

Doing incremental upgrades like that is very tedious, but, releases are made every 6 months so if one leaves a system to stagnate for several releases, they end up making it harder to upgrade.

A fresh installation would probably be the best route to take, but, that won't preserve any changes made to the system.

Maintaining a system that was configured by someone else is an enormous job if you have no familiarity with the system, or what services it was providing for your employer's network. I do hope for your sake that the previous maintainer left behind lots of documentation, so you can replicate the configuration.

4.8 will be released soon, in a few months, so hopefully this will give you time to become familiar with this system, and OpenBSD in particular, hopefully making this migration a lot less painful in the future, just remember to keep it regularly maintained and upgraded.

There is no documentation to speak of unfortunately so this isn't going to be a very fun process. I think I might just go through the tedious process of updating from 4.3 > 4.4 > ... > 4.8.

I would rather do that than risk breaking something that is critical as this is a production firewall.

IT professionals that don't properly document things are very frustrating. Sure you're adding job security, but you're also preventing yourself from getting promoted or taking a vacation.

That's sad, but at least this gives you the opportunity to outshine your predecessor, try and document the changes he made from the "vanilla" installation of 4.3.

I do believe that this system should be upgraded, but, doing so without first doing some initial research would be a mistake. It may be running 3rd party software from the ports tree or things they manually compiled (..or wrote) and a premature upgrade could theoretically break things and leave you in an awkward situation of trying to restore functionality of what is essentially a "black box" to you.

I fear that you may have bitten off more than you can chew, I would not want to be in your situation... but we'll do our best to help you with any questions you may have, but 4.3 is generations ago and it may take time for us to formulate something resembling a response.

Good luck!

It's not a super complex network so I think I should be okay in terms of handling the situation...I just need to be careful with how I approach things.

I probably could build a new firewall to the best of my ability in regards to how the network appears to be configured and then just find out what is broken and what needs to be fixed. However, I haven't worked with OpenBSD before so I'd rather use this as a learning opportunity and establish a new skillset.

This seems like a pretty helpful forum, I'm glad I made my way here. Thanks again for the advice thus far.

This sounds like you have put some thought into it, but you should also factor in the exceedingly short shelf life of firewall software.

Given that the purpose of firewalls is to plug/thwart many of the vectors malevolent souls exploit to either get past security roadblocks or perform malicious acts, making sure firewall software is current & patched should be a paramount goal.

Also if I recall correctly, there were significant performance enhancements made to both OpenBSD 4.2 & 4.4. Once you become familiar with the terrain, moving to 4.7 (& OpenBSD 4.8 will be released in November...) should be high on your list of things to get done.

The firewall script (/etc/pf.conf, usually) will tell you how the thing acts as a firewall. That cannot be moved, unchanged, to 4.7, but the upgrade guides along the way will explain what changes will need to be made.

The /etc/hostname.* files will give you your network configuration. The hostname.if(5) man page will help you understand those files.

The pkg_info(1) command will tell you all 3rd party software installed on your platform through the packages/ports system, described in FAQ 15.

The sysctl.conf(5) file will show any "knobs" that might have been turned -- routers/firewalls, for instance, should have ip forwarding enabled there.
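
The four places named in the post above can be captured in one pass before the first upgrade step. This is an added example, not part of the original thread; the function names, the REPORT.txt layout and the ROOT argument (which lets it run against a copied or mounted filesystem) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: snapshot the files the post lists before touching the system.
# inventory ROOT OUTDIR: copy the config files and write a summary report.
inventory() {
    root=${1%/}            # "/" becomes "", so paths resolve to /etc/...
    out=$2
    mkdir -p "$out" && chmod 700 "$out" || return 1   # rules are sensitive
    report="$out/REPORT.txt"
    : > "$report"

    # Firewall rules and tuned kernel knobs
    for f in pf.conf sysctl.conf; do
        if [ -f "$root/etc/$f" ]; then
            cp -p "$root/etc/$f" "$out/$f"
            echo "found   /etc/$f" >> "$report"
        else
            echo "missing /etc/$f" >> "$report"
        fi
    done

    # One hostname.<if> file per configured interface
    for f in "$root"/etc/hostname.*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$out/"
        echo "iface   ${f##*/hostname.}" >> "$report"
    done

    # Active (uncommented) sysctl settings, whitespace removed
    if [ -f "$out/sysctl.conf" ]; then
        sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' \
            -e 's/^/sysctl  /' "$out/sysctl.conf" >> "$report"
    fi

    # Third-party packages: only meaningful on the live system
    if [ -z "$root" ] && command -v pkg_info >/dev/null 2>&1; then
        pkg_info > "$out/pkg_info.txt"
    fi
}

# forwarding_enabled OUTDIR: succeed if the snapshot enables IPv4 forwarding
forwarding_enabled() {
    grep -q '^sysctl  net\.inet\.ip\.forwarding=1$' "$1/REPORT.txt"
}

# Live system, as root: inventory / /root/pre-upgrade
```

Keeping one snapshot per release step gives something to diff when an upgrade guide calls for a pf.conf change.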